first draft

Author: Shereen-Bhar

articles/defender-for-iot/organizations/detect-windows-endpoints-script.md

@@ -45,25 +45,24 @@ The script described in this article is supported for the following Windows oper
 
 ## Download the script
 
-Offline WMI
-To preform offline WMI complete the following steps:
-1. Download the script, extract it and run 'run.bat' as administrator directly on the Windows endpoint
-2. Import the received output file to the sensor - cx_snapshot_[machinename]_[current date time].
-3. In Data mining's Devices applications report, you can view the device applications.
-4. Based on this information, the Windows device CVE list will be displayed in Azure if the sensor is cloud-connected
+In order to run the script, you first need to download it from the OT sensor console.
 
-:::image type="content" source="media/detect-windows-endpoints-script/download-wmi-script.png" alt-text="Screenshot of where to download WMI script." lightbox="media/detect-windows-endpoint-script/download-wmi-script.png":::
+1. Sign into your OT sensor console, and select **System Settings** > **Import Settings** > **Windows Information**.
+
+1. Select **Download script**.
+
+    :::image type="content" source="media/detect-windows-endpoints-script/download-wmi-script.png" alt-text="Screenshot of where to download WMI script." lightbox="media/detect-windows-endpoint-script/download-wmi-script.png":::
 
 ## Run the script
 
-This procedure describes how to obtain, deploy, and run the script on the Windows workstation and servers that you want to monitor in Defender for IoT.
+This procedure describes how to deploy and run the script on the Windows workstation and servers that you want to monitor in Defender for IoT.
 
 The script you run to detect enriched Windows data is run as a utility and not as an installed program. Running the script doesn't affect the endpoint.
 
-1. To acquire the script, [contact customer support](mailto:support.microsoft.com).
-
 1. Deploy the script once, or using ongoing automation, using standard automated deployment methods and tools.
 
+1. Download the WMI script as described [earlier](#download-the-script).
+
 1. Copy the script to a local drive and unzip it. The following files appear:
 
     - `start.bat`
@@ -95,11 +94,34 @@ After having run the script as described [earlier](#run-the-script), import the
 
 1. Select **Import File**, and then select all the files (Ctrl+A).
 
+    :::image type="content" source="media/detect-windows-endpoints-script/import-wmi-script.png" alt-text="Screenshot of where to import WMI script." lightbox="media/detect-windows-endpoint-script/import-wmi-script.png":::
+
 1. Select **Close**. The device registry information is imported and a successful confirmation message is shown.
 
     If there's a problem uploading one of the files, you'll be informed which file upload failed.
 
+## Offline WMI
+
+To preform offline WMI:
+
+1. [Download the script](#download-the-script), then extract it.
+
+1. Run `run.bat` as administrator directly on the Windows endpoint.
+
+    After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the machine name and the current date and time of the snapshot with the following syntax: `cx_snapshot_[machinename]_[current date time]`.
+
+1. [Import](#import-device-details) the received output file to the sensor.
+
+**To view the devices applications:**
+
+1. Sign into your OT sensor console, and select **Data mining**.
+
+1. Select **+ Create report** to [create a custom report](how-to-create-data-mining-queries.md#create-an-ot-sensor-custom-data-mining-report). In the **Choose Category** field, select **Devices Applications**. For example:
+
+    :::image type="content" source="media/detect-windows-endpoints-script/devices-applications-report.png" alt-text="Screenshot of where to import WMI script." lightbox="media/detect-windows-endpoint-script/devices-applications-report.png":::
+
+Based on this information, the Windows device CVE list will be displayed in Azure if the sensor is cloud-connected.
+
 ## Next steps
 
 For more information, see [Detect Windows workstations and servers with a local script](detect-windows-endpoints-script.md) and [Import extra data for detected OT devices](how-to-import-device-information.md).
-

articles/defender-for-iot/organizations/how-to-work-with-the-sensor-device-map.md

@@ -31,7 +31,7 @@ To view devices across multiple sensors in a zone, you'll also need an on-premis
     - Starred devices are those that had been marked as important
     - Devices with no alerts are shown in black, or grey in the zoomed-in connections view
 
-    For example: 
+    For example:
 
     :::image type="content" source="media/how-to-work-with-maps/device-map-default.png" alt-text="Screenshot of a default view of an OT sensor's device map." lightbox="media/how-to-work-with-maps/device-map-default.png":::
 
@@ -45,7 +45,7 @@ To view devices across multiple sensors in a zone, you'll also need an on-premis
     - The number of devices grouped in a subnet in an IT network, if relevant. This number of devices is shown in a black circle.
     - Whether the device is newly detected or unauthorized.
 
-1. Right-click a specific device and select **View properties** to drill down further to the **Map View** tab on the device's [device details page](how-to-investigate-sensor-detections-in-a-device-inventory.md#view-the-device-inventory). 
+1. Right-click a specific device and select **View properties** to drill down further to the **Map View** tab on the device's [device details page](how-to-investigate-sensor-detections-in-a-device-inventory.md#view-the-device-inventory).
 
 ### Modify the OT sensor map display
 
@@ -73,7 +73,6 @@ To see device details, select a device and expand the device details pane on the
 - Select **Event Timeline** to jump to the device's [event timeline](how-to-track-sensor-activity.md)
 - Select **Device Details** to jump to a full [device details page](how-to-investigate-sensor-detections-in-a-device-inventory.md#view-the-device-inventory).
 
-
 ### View IT subnets from an OT sensor device map
 
 By default, IT devices are automatically aggregated by [subnet](how-to-control-what-traffic-is-monitored.md#define-ot-and-iot-subnets), so that the map focuses on your local OT and IoT networks.
@@ -94,7 +93,6 @@ By default, IT devices are automatically aggregated by [subnet](how-to-control-w
 1. Sign into your OT sensor and select **Device map**. 
 1. Select one or more expanded subnets and then select **Collapse All**.
 
-
 ## Create a custom device group
 
 In addition to OT sensor's [built-in device groups](#built-in-device-map-groups), create new custom groups as needed to use when highlighting or filtering devices on the map.
@@ -103,7 +101,7 @@ In addition to OT sensor's [built-in device groups](#built-in-device-map-groups)
 
 1. In the **Add custom group** pane:
 
-    - In the **Name** field, enter a meaningful name for your group, with up to 30 characters. 
+    - In the **Name** field, enter a meaningful name for your group, with up to 30 characters.
     - From the **Copy from groups** menu, select any groups you want to copy devices from.
     - From the **Devices** menu, select any extra devices to add to your group.
 
@@ -113,12 +111,11 @@ Use one of the following options to import and export device data:
 
 - **Import Devices**. Select to import devices from a pre-configured .CSV file.
 - **Export Devices**. Select to export all currently displayed devices, with full details, to a .CSV file.
-- **Export Device Summary**. Select to export a high level summary of all currently displayed devices to a .CSV file. 
-
+- **Export Device Summary**. Select to export a high level summary of all currently displayed devices to a .CSV file.
 
 ## Edit devices
 
-1. Sign into an OT sensor and select **Device map**. 
+1. Sign into an OT sensor and select **Device map**.
 
 1. Right-click a device to open the device options menu, and then select any of the following options:
 
@@ -142,13 +139,12 @@ You can only merge [authorized devices](device-inventory.md#unauthorized-devices
 
 > [!IMPORTANT]
 > You can't undo a device merge. If you mistakenly merged two devices, delete the devices and then wait for the sensor to rediscover both.
-> 
 
 **To merge multiple devices**:
 
 1. Sign into your OT sensor and select **Device map**.
 
-1. Select the authorized devices you want to merge by using the SHIFT key to select more than one device, and then right-click and select **Merge**. 
+1. Select the authorized devices you want to merge by using the SHIFT key to select more than one device, and then right-click and select **Merge**.
 
 1. At the prompt, select **Confirm** to confirm that you want to merge the devices.
 
@@ -189,7 +185,6 @@ You may have situations where you'd want to handle multiple notifications togeth
 
 When you handle multiple notifications together, you may still have remaining notifications that need to be handled manually, such as for new IP addresses or no subnets detected.
 
-
 ### Device notification responses
 
 The following table lists available responses for each notification, and when we recommend using each one:
@@ -233,7 +228,6 @@ On the on-premises management console, zone maps show all network elements relat
 
 1. Right-click a device shown in red and select **View alerts** to jump to the **Alerts page**, with alerts filtered only for the selected device.
 
-
 ## Built-in device map groups
 
 The following table lists the device groups available out-of-the-box on the OT sensor **Device map** page. [Create extra, custom groups](#create-a-custom-device-group) as needed for your organization.
@@ -257,4 +251,3 @@ The following table lists the device groups available out-of-the-box on the OT s
 ## Next steps
 
 For more information, see [Investigate sensor detections in a Device Inventory](how-to-investigate-sensor-detections-in-a-device-inventory.md).
-

articles/defender-for-iot/organizations/media/detect-windows-endpoints-script/devices-applications-report.png

@@ -101,7 +101,9 @@ To understand whether a feature is supported in your sensor version, check the r
 
 **Supported until**: 03/2024
 
-- add items here
+- [Download WMI script from OT sensor console](detect-windows-endpoints-script.md#download-the-script)
+- [Automatically resolved notifications for operating system changes and device type changes](how-to-work-with-the-sensor-device-map.md#device-notification-responses)
+- [UI enhancements when uploading SSL/TLS certificates](how-to-deploy-certificates.md#deploy-a-certificate-on-an-ot-sensor)
 
 ### 22.3.6 / 22.3.7
 

articles/defender-for-iot/organizations/media/detect-windows-endpoint-script/download-wmi-script.png renamed to articles/defender-for-iot/organizations/media/detect-windows-endpoints-script/download-wmi-script.png

@@ -20,7 +20,27 @@ Features released earlier than nine months ago are described in the [What's new
 
 |Service area  |Updates  |
 |---------|---------|
-| **OT networks** | **Sensor version 22.3.8**: <br>- add items here |
+| **OT networks** | **Sensor version 22.3.8**: <br>- [Download WMI script from OT sensor console](#download-wmi-script-from-ot-sensor-console) <br>- [Automatically resolved OS and device type notifications](#automatically-resolved-os-and-device-type-notifications) <br>- [UI enhancement when uploading SSL/TLS certificates](#ui-enhancement-when-uploading-ssltls-certificates) |
+
+### Download WMI script from OT sensor console
+
+The WMI script can now be downloaded from the OT sensor console.
+
+For more information, see [Download the script](detect-windows-endpoints-script.md#download-the-script)
+
+### Automatically resolved OS and device type notifications
+
+Starting in version 22.3.8, selected notifications on the OT sensor's **Device map** page are now automatically resolved if they aren't dismissed or otherwise handled within 14 days.
+
+After updating your sensor version, the **Operating system changes** and **Device type changes** notifications no longer appear.
+
+For more information, see [Device notification responses](how-to-work-with-the-sensor-device-map.md#device-notification-responses)
+
+### UI enhancement when uploading SSL/TLS certificates
+
+The OT sensor version 22.3.8 has an enhanced **SSL/TLS Certificates** configuration page for defining your SSL/TLS certificate settings and deploying a CA-signed certificate.
+
+For more information, see [Deploy a certificate on an OT sensor](how-to-deploy-certificates.md#deploy-a-certificate-on-an-ot-sensor).
 
 ## March 2023